public static string GetAnswerFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions)
{
string result = string.Empty;
if (!string.IsNullOrEmpty(html))
{
try
{
result = html.Substring(html.IndexOf(ExploitDetails.ResultStart) +
ExploitDetails.ResultStart.Length,
html.IndexOf(ExploitDetails.ResultEnd) - html.IndexOf(ExploitDetails.ResultStart) -
ExploitDetails.ResultStart.Length);
}
catch
{
string userFriendlyException = "Could not parse sql injection result.";
if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
if (html.IndexOf(ExploitDetails.ErrorStart) > -1 && html.IndexOf(ExploitDetails.ErrorEnd) > -1)
userFriendlyException = string.Format("Sql exception occured: {0}",
html.Substring(html.IndexOf(ExploitDetails.ErrorStart) +
ExploitDetails.ErrorStart.Length,
html.IndexOf(ExploitDetails.ErrorEnd) - html.IndexOf(ExploitDetails.ErrorStart) -
ExploitDetails.ErrorStart.Length));
if (detailedExceptions)
userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
throw new SqlInjException(userFriendlyException);
}
}
if (ExploitDetails.TrimLast)
result = result.Remove(result.Length - 1, 1);
return result;
}
public static IList<string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,
Func<string,string> resultFormatter=null)
{
// return GetMultipleAnswersFromHtml(html, query, ExploitDetails, detailedExceptions, false);
//}
//public static IList<string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,bool urlEscapeResults)
//{
IList<string> results = new List<string>();
string result = string.Empty;
if (!string.IsNullOrEmpty(html))
{
int resultStartIndex = 0;
int resultLength = 0;
int resultEndIndex = 0;
while (resultStartIndex != -1)
{
try
{
resultStartIndex = html.IndexOf(ExploitDetails.ResultStart, resultEndIndex);
if (resultStartIndex == -1)
break;
resultStartIndex += ExploitDetails.ResultStart.Length;
resultEndIndex = html.IndexOf(ExploitDetails.ResultEnd, resultStartIndex);
resultLength = resultEndIndex - resultStartIndex;
}
catch
{
break;
}
try
{
result = html.Substring(resultStartIndex, resultLength);
if (ExploitDetails.TrimLast)
result = result.Remove(result.Length - 1, 1);
results.Add((resultFormatter != null)?resultFormatter(result):result);
//if (urlEscapeResults)
// result = Uri.UnescapeDataString(result);
results.Add(result);
}
catch
{
string userFriendlyException = "Could not parse sql injection result.";
if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
if (html.IndexOf(ExploitDetails.ErrorStart) > -1 && html.IndexOf(ExploitDetails.ErrorEnd) > -1)
userFriendlyException = string.Format("Sql exception occured: {0}",
html.Substring(html.IndexOf(ExploitDetails.ErrorStart) +
ExploitDetails.ErrorStart.Length,
html.IndexOf(ExploitDetails.ErrorEnd) - html.IndexOf(ExploitDetails.ErrorStart) -
ExploitDetails.ErrorStart.Length));
if (detailedExceptions)
userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
throw new SqlInjException(userFriendlyException);
}
}
}
return results;
}
